1dbclient(1)                 General Commands Manual                dbclient(1)
2
3
4

NAME

6       dbclient - lightweight SSH client
7

SYNOPSIS

9       dbclient  [flag  arguments] [-p port] [-i id] [-L l:h:p] [-R l:h:p] [-l
10       user] host [more flags] [command]
11
12       dbclient [args] [user1]@host1[^port1],[user2]@host2[^port2],...
13
14

DESCRIPTION

16       dbclient is a small SSH client
17

OPTIONS

19       command
20              A command to run on the remote host. This  will  normally
21              be  run  by  the  remote host using the user's shell. The
22              command begins at the first  hyphen  argument  after  the
23              host  argument. If no command is specified an interactive
24              terminal will be opened (see -t and -T).
25
26       -p port
27              Connect to port on the remote host. Alternatively a  port
28              can be specified as hostname^port.  Default is 22.
29
30       -i idfile
31              Identity  file.   Read  the identity key from file idfile
32              (multiple allowed). This file is created  with  dropbear‐
33              key(1) or converted from OpenSSH with dropbearconvert(1).
34              The default path ~/.ssh/id_dropbear is used
35
36       -L [listenaddress]:listenport:host:port
37              Local port forwarding.  Forward the  port  listenport  on
38              the local host through the SSH connection to port port on
39              the host host.
40
41       -R [listenaddress]:listenport:host:port
42              Remote port forwarding.  Forward the port  listenport  on
43              the  remote  host through the SSH connection to port port
44              on the host host.
45
46       -l user
47              Username.  Login as user on the remote host.
48
49       -t     Allocate a PTY. This is the default when  no  command  is
50              given,  it  gives  a full interactive remote session. The
51              main effect is that keystrokes are sent remotely  immedi‐
52              ately as opposed to local line-based editing.
53
54       -T     Don't  allocate  a  PTY. This is the default a command is
55              given. See -t.
56
57       -N     Don't request a remote shell or  run  any  commands.  Any
58              command arguments are ignored.
59
60       -f     Fork  into the background after authentication. A command
61              argument (or -N) is required.  This is useful when  using
62              password authentication.
63
64       -g     Allow  non-local  hosts  to  connect  to forwarded ports.
65              Applies to -L and -R forwarded ports, though remote  con‐
66              nections  to -R forwarded ports may be limited by the ssh
67              server.
68
69       -y     Always accept hostkeys if they are unknown. If a  hostkey
70              mismatch  occurs  the connection will abort as normal. If
71              specified a second time no host key checking is performed
72              at all, this is usually undesirable.
73
74       -A     Forward  agent  connections  to the remote host. dbclient
75              will use any OpenSSH-style  agent  program  if  available
76              ($SSH_AUTH_SOCK  will  be set) for public key authentica‐
77              tion.  Forwarding is only enabled if -A is specified.
78
79       -W windowsize
80              Specify  the  per-channel  receive  window  buffer  size.
81              Increasing  this  may  improve network performance at the
82              expense of memory use. Use -h to see the  default  buffer
83              size.
84
85       -K timeout_seconds
86              Ensure  that traffic is transmitted at a certain interval
87              in seconds. This is useful for working  around  firewalls
88              or  routers  that drop connections after a certain period
89              of inactivity. The trade-off is that  a  session  may  be
90              closed  if  there is a temporary lapse of network connec‐
91              tivity.  A  setting  if  0  disables  keepalives.  If  no
92              response  is  received  for  3 consecutive keepalives the
93              connection will be closed.
94
95       -I idle_timeout
96              Disconnect the session if no traffic  is  transmitted  or
97              received for idle_timeout seconds.
98
99
100       -J proxy_command
101
102       -J &fd
103              Use  the  standard input/output of the program proxy_com‐
104              mand rather than using a normal TCP connection.  A  host‐
105              name  should  be  still  be provided, as this is used for
106              comparing saved hostkeys. This command will  be  executed
107              as "exec proxy_command ..." with the default shell.
108
109              The  second  form  &fd will make dbclient use the numeric
110              file descriptor as a socket. This can be  used  for  more
111              complex tunnelling scenarios. Example usage with socat is
112
113              socat    EXEC:'dbclient   -J   &38   ev',fdin=38,fdout=38
114              TCP4:host.example.com:22
115
116
117       -B endhost:endport
118              "Netcat-alike" mode, where Dropbear will connect  to  the
119              given  host,  then  create a forwarded connection to end‐
120              host. This will then be presented as dbclient's  standard
121              input/output.
122
123       -c cipherlist
124              Specify  a comma separated list of ciphers to enable. Use
125              -c help to list possibilities.
126
127       -m MAClist
128              Specify a comma separated list of authentication MACs  to
129              enable. Use -m help to list possibilities.
130
131       -o option
132              Can be used to give options in the format used by OpenSSH
133              config file. This is useful for  specifying  options  for
134              which  there  is no separate command-line flag.  For full
135              details of the options listed below, and  their  possible
136              values,  see  ssh_config(5).   The following options have
137              currently been implemented:
138
139
140              ExitOnForwardFailure
141                     Specifies whether dbclient  should  terminate  the
142                     connection if it cannot set up all requested local
143                     and remote port forwardings. The argument must  be
144                     “yes” or “no”.  The default is “no”.
145
146              UseSyslog
147                     Send  dbclient  log messages to syslog in addition
148                     to stderr.
149
150       -s     The specified command will be requested as  a  subsystem,
151              used for sftp. Dropbear doesn't implement sftp itself but
152              the OpenSSH sftp client can be used eg sftp  -S  dbclient
153              user@host
154
155       -b [address][:port]
156              Bind  to  a specific local address when connecting to the
157              remote host. This can be used  to  choose  from  multiple
158              outgoing interfaces. Either address or port (or both) can
159              be given.
160
161       -V     Print the version
162
163

MULTI-HOP

165       Dropbear will also allow multiple "hops" to be specified,  sepa‐
166       rated  by  commas. In this case a connection will be made to the
167       first host, then a TCP forwarded connection will be made through
168       that  to  the second host, and so on. Hosts other than the final
169       destination will not see anything other than the  encrypted  SSH
170       stream.   A  port  for  a host can be specified with a caret (eg
171       matt@martello^44 ).  This syntax can also be used  with  scp  or
172       rsync  (specifying  dbclient as the ssh/rsh command). A file can
173       be "bounced" through multiple SSH hops, eg
174
175       scp -S dbclient matt@martello,root@wrt,canyons:/tmp/dump .
176
177       Note that hostnames are resolved by the prior hop (so  "canyons"
178       would  be  resolved by the host "wrt") in the example above, the
179       same way as other -L TCP forwarded  hosts  are.  Host  keys  are
180       checked locally based on the given hostname.
181
182

ESCAPE CHARACTERS

184       Typing  a  newline followed by the  key sequence ~. (tilde, dot)
185       will terminate a connection.  The sequence ~^Z  (tilde,  ctrl-z)
186       will background the connection. This behaviour only applies when
187       a PTY is used.
188
189

ENVIRONMENT

191       DROPBEAR_PASSWORD
192              A password to use for remote authentication can be speci‐
193              fied  in the environment variable DROPBEAR_PASSWORD. Care
194              should be taken that the password is not exposed to other
195              users  on  a  multi-user  system, or stored in accessible
196              files.
197
198       SSH_ASKPASS
199              dbclient can use an external program to request  a  pass‐
200              word  from a user.  SSH_ASKPASS should be set to the path
201              of a program that will return a password on standard out‐
202              put.  This program will only be used if either DISPLAY is
203              set and standard input is not a TTY, or  the  environment
204              variable SSH_ASKPASS_ALWAYS is set.
205

NOTES

207       If  compiled  with  zlib  support and if the server supports it,
208       dbclient will always use compression.
209
210

AUTHOR

212       Matt Johnston (matt@ucc.asn.au).
213       Mihnea Stoenescu wrote initial Dropbear client support
214       Gerrit Pape (pape@smarden.org) wrote this manual page.
215

SEE ALSO

217       dropbear(8), dropbearkey(1)
218
219       https://matt.ucc.asn.au/dropbear/dropbear.html
220
221
222
223                                                                   dbclient(1)
Impressum